Wednesday, February 28, 2007


Follow-up about public computers

Back in October, I wrote about the dangers of using public computers. On Monday, Boing Boing sent us here to see this:

SnoopStick™ is a USB flash drive type device that allows you to monitor what your kids, employees, or anyone using your computer is doing while on the Internet. And, you can monitor them live, in real time, from anywhere in the world.

Simply plug the SnoopStick into the computer you want to monitor. Then run the setup program to install the SnoopStick monitoring components on the computer. The whole process takes less than 60 seconds.

The SnoopStick monitoring components are completely hidden, and there are no telltale signs that the computer is being monitored.

You can then unplug the SnoopStick and take it with you anywhere you go. No bigger than your thumb and less than 1/4" thick, you can carry it in your pocket, purse, or on your keychain.

Any time you want to see what web sites your kids or employees are visiting, who they are chatting with, and what they are chatting about, simply plug in your SnoopStick to any Windows based computer with an Internet connection and a USB port. SnoopStick will automatically connect to the target computer.

Monitor both sides of IM conversations in real time or tell SnoopStick to display recent activity. Check the sender and recipient of every email sent or received. You can even log the user off, disable internet access, set time restrictions or even turn the computer off. All using your SnoopStick from any computer.

So in case you didn't believe me....


The Ridger, FCD said...

One of their claims/selling points is this:

Completely secure. Only your SnoopStick can access your computer or change the settings you have chosen.

Do these things make your computer immune to someone else using a SnoopStick? Or is this misleading?

Barry Leiba said...

Well, they don't give enough details for me to say anything for sure, but the technology is certainly available and inexpensive for that to be an accurate statement. I'll assume that the device has an encryption key on it, that the communication is encrypted with that key, and that each device has a unique key. Since you're using the same device to install the "server" code (the monitored computer) and to run the "client" code (the computer doing the monitoring), they both have the encryption key. I'd have to know how the key is stored on the monitored computer in order to have a better idea of how hard it'd be to hack. I'll assume that they're using a long enough key and a modern encryption algorithm (but that might be a faulty assumption).

So what all that means is that if you want to use this thing for its legitimate uses (to monitor one of your own computers remotely), it's probably safe to do so... and it seems cheap enough.

The problem, of course, is when someone goes and installs it on a computer in the local Internet cafe, contrary to the manufacturer's advice (wink, wink), here:
Is SnoopStick legal?
Yes, as long as the computer you want to monitor is owned by you, or you have permission from the owner. We do not recommend that you install SnoopStick without permission on a computer you do not own, as you may violate state or local law by monitoring the activities of someone using property that does not belong to you. Use of monitoring systems in the workplace may also require some sort of employee notification and we would strongly recommend that you check your governing employment laws.

scouter573 said...

I don't need no stinking SnoopStick. I just use my psychic powers to tell what you're looking at. And, no, I won't demonstrate at your command. Trust me, I know what you're doing.

Anonymous said...

It doesn't work on Macs.

Barry Leiba said...

No, of course not; nothing works on Macs.

[Barry heads for cover...]

BadTux said...

This is nothing new. Back when I was teaching high school computer science back in the 1990's, I had the same technology available to me. I could see every student's computer screen from my desk without having to walk over there to look more closely, and could control it using the mouse and keyboard if necessary. More recently, a free technology called "VNC" has been very popular with corporate network administrators because it allows their help desk to connect to a malfunctioning computer and figure out what went wrong without having to get out of their chair and actually go to the computer. This 'vnc' technology is *free*. Indeed, I use it every day so I can use my home computer while I'm at work to do things that I don't want done on the work computer.

The technology has some limits, though. Most public computers should be locked down so you can't install software on them without the administrator password, so it is unlikely you could install this software on someone else's public computer. Secondly, you need a full-time high-speed internet connection with fast uplink speeds to adequately monitor a computer at home from a remote office. Finally, when you connect to a computer running this software, it slows that computer drastically. Modern computer networks simply aren't fast enough to keep up with modern graphics-intensive operating systems if they're having to shove all those graphics over a network wire.

One thing I will tell you as a former system administrator and computer lab maintainer -- always assume, when using any computer that is not your own, that every keystroke is being monitored and that the owner of that computer can view your screen at any time. People get fired every day because they think they can use their computer at work to do non-work-related stuff and not get caught. Uh-uhn. Even small shops like the small 40-man company I worked at last year can see everything you do at any time with software similar to this. The technology has been around for years , and it's surprising that more people don't know about it.

Oh -- there is an equivalent for Macs. So don't feel sanguine because your workplace has Macs instead of Windows. I even found a very special version of the 'vnc' program that will allow you to control the Linux console... so even the Linux geeks can be monitored. But the Linux geeks are much more likely to know how to get rid of it...

-Badtux the Computer Penguin