I was connected to the uni’s wifi, which I access with my institutional account, on my personal laptop. If using the app Notion - accessed with my personal gmail account - and writing on it, what can they see? do they have access to what I’m writing? Do they just see I’m using it?
IT guy here, I work in the finance industry and have never worked with eduroam, but I have some experience of what we normally can see.
I am not an infosec guy, so I can’t speak to what they can see.
In my experience a normal IT team will see the connections your computer makes to the remote host (in this case google), but can’t see the information transfered.
This depends on if your connection uses https (gmail does) and weather or not the network uses deep packet inspection.
Https encrypts the traffic, sort of like you putting a big pink stuffed elefant in your car boot and driving it to your new place, people won’t see the big pink elefant, but they will see your car going from A to B.
Deep packet inspection is like a security checkpoint between A and B, the officers will open you car, log that you are carrying a big pink stuffed elefant, and send you on your way.
You can use a tool like ssllabs testing service to find out the issuer of a certificate, and compare that to the issuer on the certificate you get in your browser.
Here is the link to ssllabs testing service:
https://www.ssllabs.com/ssltest/
However, the most important thing to remember is that we as IT guy don’t care about what you do unless you break the rules or in some other way are causing harm to the network.
We don’t do pinpoint surveilence, unless we have a reason to.
We collect data yes, but that is only really used for statistics and troubleshooting.
But we have plenty of automation that will log the shit out of a misbehaving system, there are plenty of similar systems, but the one I am familiar with is Microsoft Defender 365.
If it notices something odd or bad it will log everything related to it, files modified, the user running the program, registry values changed, connections to other computers, commands run, and more, but it will only do that when bad action is being taken, not just by connecting to gmail.
We in IT don’t have time or interest in looking at generic logs for fun.
The one thing that might be putting you on the radar is the use of a third party app, it might not be approved software if you ran it on a company laptop, but since it is a personal laptop, I wouldn’t worry about it.
TL;DR: It is doubtful that they will see what you have written, and even less likely that they have access, and even less likely that they care or even knows about it.
But if you fear people reading what you write, you have two options, one easy, the other one less so.
-
Stop writing, easy, then there is nothing to be found.
-
Local encryption, get veracrypt, create a new encrypted file, mount it, format it, and save your texts there.
-
This might be of interest to you: https://theferret.scot/edinburgh-university-denies-surveillance-claims/
I guess it’s fine as long as you’re connecting with HTTPS. All they can see is the fact that you’re accessing notion’s server, unless they do something like deep packet inspection. Also, I’d recommend using DoH.
But how to know that? Does it depend on the app (I was on the app installed on my laptop) or what? Is there a way to check now?
Notion implements HTTPS connection, so you don’t need to care about that. If you really want to monitor what’s going in/out your computer, you can use something like Wireshark
I wasn’t on the website though, on the app installed on my computer
deleted by creator
Thank you!
A few question if you have the time:
-
the laptop is mine. I bought it and it had nothing to do with uni, but during covid they gave us free Microsoft Office access through our univeristy’s email, and on this laptop I have logged to two accounts: my personal one, which is the first one that appears on start > settings > account. If I scroll down to School and work accounts, I have a microsoft account with my univeristy email and password. So I have added that as a microsoft account. And they are both connected. I don’t know how to check what they have access to etc.
-
about notion: How do I know how I’m navigating it (https etc)? Does it depend on the app (I was on the app installed on my laptop) or what? Is there a way to check now? I sent Notion Support an email but don’t know if they can help or if it depends on me
also let’s assume I have given them access to my device in some way. If I format my laptop, would it be safe? Worried about my phone too cause I’m getting paranoid now haha
Notion syncs using https. It’s safe to say that as long as you haven’t specifically installed weird apps (notion is not a weird app) nothing going on on your PC is visible to anyone else.
This is of course, not true of enterprise and school devices, which usually have very powerful antivirus solutions installed that allow the work/school to see whatever you do (though they mostly don’t care, as long as you aren’t causing trouble on the network or doing things that might get them sued)
deleted by creator
-
Eduroam is just a network of RADIUS servers that cross-honor authentication among participating institutions. If your org participates in Eduroam, it means users from your org can connect to the eduroam WiFi SSID at other orgs, and vice-versa. It’s helpful for traveling academics and visitors from other .edus
It’s also frequently used to authenticate access to online resources like online libraries, journals, and research infrastructure. Useful for when schools collaborate on grant projects.
The eduroam service requires a CA certificate to validate the APs broadcasting eduroam’s SSIDs are providing the real service. The issuer of that certificate isn’t one of the well-known SSL certificate resellers, so it needs to be installed in your device’s CA store, or configured in your 802.1x WPA supplicant. The protocol used is EAP-TLS, if you’re curious.
So what can the hosting institution see? Not much, from an authentication standpoint. Transactionally, the hosting institution sees a username and org name in an outer transaction. An encrypted payload with your user credentials is then tunneled to your home org’s servers which either validate or invalidate those credentials. If the home org validates, then the hosting org lets you connect.
Beyond that, the network admins can “see” whatever they can normally see when you’re using someone else’s infrastructure: your DNS queries, the application ports you use, a lot of encrypted SSL/HTTPS traffic, plus the contents of anything that isn’t encrypted or sent over SSL.
Some orgs disallow tunneling traffic out when you’re on their eduroam, so sometimes IPSec, SSH, Tor, and maybe even WireGuard are disallowed.
Sorry, I think this is very helpful but unfortunately I’m not english + don’t have much knowledge on the matter, so I really don’t understand much of the things you said…
Thank you for answering, but I must ask you (if you have the time) to explain if they could see or not what I was doing 😭
No more than someone running a coffee shop wifi would see. Some basic traffic for name resolution then encrypted traffic for web browsing that they can’t read. Unless your notes application transmits in cleartext (unlikely).
Short version: No, most likely not.
They see who you are, but not what you do.
Slightly longer: Someone can probably see your connections to google and notion and infer that you are using Notion, but they cannot see your Google/Notion account and not what content you are working on. (Also those are very popular tools, unless you are the enemy of the state number 1, why would they care?)
Even longer: If your laptop or your gmail or your notion account is compromised, they can see everything.
Compromised…? 😨 What do you mean
If your Web browser or OS accepts a CA issued by the school.
But how to check that
Navigate to notion.com. check the certificate. (Click on of the icons in the browser bar on the left). Remember what you see (take a screenshot)
Do the same in a different Wifi network.
If the certificate differs, this is highly suspicious.
You’ve asked a similar question here before this post. Have you been naughty? :-)
At your uni, you probably have what’s called a reasonable expectation to privacy-- the terms of use for accessing the computer and network facilities would be spelled out at your uni’s IT website.
The information observed and reported on by their tools most likely amounts to what websites and services you looked up by name, and the IP addresses & ports you accessed while using their network. It will be things like start & stop times, protocol used, number of bytes transferred, and maybe some “flags” on the connection. Flags in this case are special markings on the data flow to give the network hints about how to hand that traffic most efficiently.
MS Office Online, Notion, Gmail, they all use secured HTTPS connections, so the content is secured between you and the remote service.
As long as you’re not doing anything illegal or that severely violates the terms of use laid out by the University, nobody will even notice your traffic. Hack away.