Quoted:
Quoted:
I'd say it's not as easy as YOU think -- you must not be in the "proof" business!!
In a case like this, there needs to be more than technical information, no matter how you lay it out.
There has to be a combination of the technical facts AND the demonstration of intent.
View Quote
Well, you're incorrect. It is very easy to prove intent and provide the technical documentation required.
It is simple to determine a mistake (an inadvertent click on a link, along with all the popups) from deliberate surfing. All you have to do is go thru the trace and you can reconstruct every action. You can even replay the trace and duplicate every action taken, step by step. In the case you cited, it would be very evident in the trace that all the pop ups resulted from the page that downloaded, as you'd be able to see the page code that initiated the popups as it crossed the network.
The only part that could not be determined (initially), is whether the website you originally typed was accidental or deliberate. Your subsequent actions who determine this. If you clicked on links,
View Quote
let's see, now
downloaded photos,
movies,
music,
View Quote
All these things were automatically downloaded from that accidental visit and would be in your log ....
chatted, etc. that would prove intent.
View Quote
From an employee's point of view, the chat is of course different - as it involves conscious input of a type such that the keyer would hardly be able to say they didn't understand what the computer would do as a result.
What you described shows absolutely no intent. In fact, the trace would show clearly that it was accidental and that you had no control over the popups.
View Quote
Well, that's what I would say, too. But I think you underestimate what a manager/supervisor with an agenda will do. Suppose I had turned the fellow in for taking an entire day off on 4/2 claiming he was on the first day of a conference that actually didn't start until 4/3.
And suppose by process of elimination that he figured that I was the one who got his ass reamed.
How would you feel about supplying him with the sniffer information, and explaining that it appeared to be accidental. Then having him go through the information and picking out all the items like "tits.jpg", "blowjob.gif", and all those cute little animated gif's and other thumbnail 'motion graphics', and ignoring your explanation that it looks like an accident, but using the juicy parts to fire my ass?
Manager: "So you say that Joe then clicked his mouse and the computer went to this web site, where someone is having sex with a boy dressed up as a goat?"
Neil: "Yes, but it appears to be an acci--"
Manager: "That's all I need to know. Thanks for your time-- I have to take this report to a meeting."
I bet you'd feel pretty shitty.
I have no problem with taking appropriate measures with intentional abusers, and I think it's best corrected at the tech level.
Once it gets out of your hands, though, the use (and misuse) of that information is out of your control.
Maybe to discourage this kind of misuse by the "suits", the computer people should have a policy of only releasing an objective report that states strictly your expert opinion, and leaves out any computer/sniffer data that could be twisted to devious ends....