Can my workplace view my Tor traffic?


  • Don't use work computers for personal use, people!

Many network policies forbid personal use. Our policy states that personal use is not forbidden but is monitored. If you don't want to be monitored you need to use equipment you control.

TL;DR: If you don't want your parents to know you smoke, don't smoke in front of your parents.

Work Equipment

If you are using a work computer, yes, if they want to, they can monitor everything you do. All they have to do is install software on your computer (which is actually their computer) which logs all web browsing activity.

If I caught someone using Tor in my organisation (absent special permission) I would fire them on the spot, for violating half a dozen policies, including circumventing our protections against data exfiltration, required both by data protection law and our agreements with our customers.

Own equipment

If the equipment is owned and controlled by you, I am wondering why they have given you permission to connect it to the network.

If you don't have permission, then again, that is grounds for termination.

If you have permission

If you are using your own equipment, and you have permission to connect to the network, (for example the company supplies visitor Wi-Fi as a courtesy, and allows staff to use this) then you are in the same position as when you use a hotel, coffee shop, or fast-food restaurant Wi-Fi, and there is then nothing special you need to know.

So what should you do?

If you want to e.g. email your doctor about your cancer diagnosis without alerting your employer, you should do it from your smartphone, using the data connection.

Generally speaking No. Assuming:

  1. You follow Tor's best practices

    Tor does not protect all of your computer's Internet traffic when you run it. Tor only protects your applications that are properly configured to send their Internet traffic through Tor. To avoid problems with Tor configuration, we strongly recommend you use the Tor Browser.

    so if it's not setup correctly things can still leak like DNS requests for example.

  2. You are using a private computer (or at least one the company doesn't control). If they are admins on your computer they could install VNC or some logging software that will record your actions regardless of what software you use.

You should be aware that Windows allows administrators to run scripts on any computer that connect to the local Windows domain, so if you login to the domain, the admin controls your computer.

The same is potentially true by just connecting to the network. This is the untrusted network threat model, which is almost impossible to protect against unless your computer sends 100% encrypted traffic - which it doesn't. One unencrypted auto-update request, from Microsoft or some other vendor, gives anyone in control of your network the ability to install any code they want on your computer.