Eduroam question, what can they see?

solidgrue , 3 hours ago

Eduroam is just a network of RADIUS servers that cross-honor authentication among participating institutions. If your org participates in Eduroam, it means users from your org can connect to the eduroam WiFi SSID at other orgs, and vice-versa. It’s helpful for traveling academics and visitors from other .edus

It’s also frequently used to authenticate access to online resources like online libraries, journals, and research infrastructure. Useful for when schools collaborate on grant projects.

The eduroam service requires a CA certificate to validate the APs broadcasting eduroam’s SSIDs are providing the real service. The issuer of that certificate isn’t one of the well-known SSL certificate resellers, so it needs to be installed in your device’s CA store, or configured in your 802.1x WPA supplicant. The protocol used is EAP-TLS, if you’re curious.

So what can the hosting institution see? Not much, from an authentication standpoint. Transactionally, the hosting institution sees a username and org name in an outer transaction. An encrypted payload with your user credentials is then tunneled to your home org’s servers which either validate or invalidate those credentials. If the home org validates, then the hosting org lets you connect.

Beyond that, the network admins can “see” whatever they can normally see when you’re using someone else’s infrastructure: your DNS queries, the application ports you use, a lot of encrypted SSL/HTTPS traffic, plus the contents of anything that isn’t encrypted or sent over SSL.

Some orgs disallow tunneling traffic out when you’re on their eduroam, so sometimes IPSec, SSH, Tor, and maybe even WireGuard are disallowed.

Colorfulhipp OP , 1 hour ago

Sorry, I think this is very helpful but unfortunately I’m not english + don’t have much knowledge on the matter, so I really don’t understand much of the things you said…

Thank you for answering, but I must ask you (if you have the time) to explain if they could see or not what I was doing 😭

_edge , 1 hour ago

Short version: No, most likely not.

They see who you are, but not what you do.

Slightly longer: Someone can probably see your connections to google and notion and infer that you are using Notion, but they cannot see your Google/Notion account and not what content you are working on. (Also those are very popular tools, unless you are the enemy of the state number 1, why would they care?)

Even longer: If your laptop or your gmail or your notion account is compromised, they can see everything.

NoneYa , 5 hours ago (edited 4 hours ago)

Depends on how the traffic is being transported and also depends on your device you’re using.

If the device you’re using (smartphone, tablet, laptop, etc.) was given to you by the school or you gave it to them at some point to connect you or add a program to it…you can safely assume that they can view everything on the device. Either they have remote capabilities and can fully view your screen as if it were you or they have detailed logs that provide information about each process that goes on on the device or both. These logs can be related to things you are doing as well as things the device is doing in the background without your input, such as updating apps.

If the device is one that you bought and own and no one has used it or installed anything to it or you didn’t install any such applications that were required for access, then you are likely on the safer side with a caveat…

When on a network like a WiFi hotspot, everything you are doing that goes across the network, whether it is to connect to local devices on the same network (like a printer or other computer) or it goes through the internet (like logging into Facebook in a web browser or in an app), these packets are being sent over this network and may be picked up by anyone who is also on the network, not just the owners or people who managed the WiFi network like the university’s IT department but also other students or guests who are also connected to the same network.

If you are accessing websites or sending data over the http protocol (www.google.com, for example), this is an unsecured protocol and you can guarantee that all data you type into this website can be viewed by anyone else on the same network with very minimal effort on their part.

But if you are using the https protocol (www.google.com, for example), your packets are encrypted. This doesn’t mean that they can not be viewed by anyone on the network, it just means that anyone who grabs these packets as you send stuff over to this website will need to either use the right key or find a way to break it which usually involves something sophisticated like a quantum computer, which some universities do have, but are unlikely using them for this purpose. But just saying, the capability is there.

It’s easy to see whether the website you are accessing is using http or https if in a web browser like Google Chrome, but it’s difficult if using it in an app because the app doesn’t tell you exactly which protocol it’s using. Most newer apps and websites are using https, but there are some outliers. You can find this out if you do some digging on your device through testing, but it’s time consuming.

Do keep in mind that http and https are only two protocols mentioned and there are vastly more protocols out there for other tasks such as peer to peer networking like in torrents, FTP and SFTP for file sharing, SSH and RDP for remotely connecting to another machine, and much more…

Anyway…sorry for the long comment reply, but this is all to say that it depends.

It’s best practice policy to be careful what you do when on someone else’s network and you know others are on it too because you never know who is on and what kind of tools or technology they have access to. Best to use common sense by not visiting suspicious/sensitive websites/apps on your most used devices or instead using throwaway accounts and devices if doing so, ones that won’t come back to identify you and ones you wouldn’t mind losing if lost. Such as, be careful about incriminating yourself if discussing crimes you’re committing or logging into something like an online banking app or website or checking your crypto wallet on the net.

Colorfulhipp OP , 4 hours ago

Thank you!

A few question if you have the time:

• the laptop is mine. I bought it and it had nothing to do with uni, but during covid they gave us free Microsoft Office access through our univeristy’s email, and on this laptop I have logged to two accounts: my personal one, which is the first one that appears on start > settings > account. If I scroll down to School and work accounts, I have a microsoft account with my univeristy email and password. So I have added that as a microsoft account. And they are both connected. I don’t know how to check what they have access to etc.
• about notion: How do I know how I’m navigating it (https etc)? Does it depend on the app (I was on the app installed on my laptop) or what? Is there a way to check now? I sent Notion Support an email but don’t know if they can help or if it depends on me

Colorfulhipp OP , 4 hours ago

also let’s assume I have given them access to my device in some way. If I format my laptop, would it be safe? Worried about my phone too cause I’m getting paranoid now haha

NoneYa , 4 hours ago

Microsoft Office applications are unlikely to give them any of this kind of access. The most they would have is the ability to see the location and IP you sign into the app on, like if you visit London and sign into Microsoft Word there, they may be able to see that location and the IP you were given on the network there. Unless you got this from Microsoft who has built the app, then that’s a different story since they have much greater control over the software than your uni would.

The programs you most are worried about would be things like antivirus or VPN apps that have the ability and known history of tracking and logging events on the machine it’s connected to.

To determine the exact ports you’re using, such as in this app, one of the best ways I’m aware of is to have another deceive on the same network and have a program that listens/sniffs web traffic and then filter just for the device you are using to see what protocols are being used at a given time you’re aware. Time consuming and a bit of a learning curve to know what everything means and what you’re doing, but it works for this purpose.

As for your last reply about formatting the device…you can delete everything and this usually removes any spyware, but not always foolproof. In some rare cases, malware has been installed to the BIOS firmware, then no formatting of the Windows OS, for example, would fix this. Also, if something like Microsoft Intune was installed to the device, it’s possible that they can bring the computer back up from a restore or they have already backed up everything and can view it at their leisure. But in most cases, formatting is a good way to conceal yourself from prying eyes if you believe you may be compromised.

themoonisacheese , 2 hours ago

Notion syncs using https. It’s safe to say that as long as you haven’t specifically installed weird apps (notion is not a weird app) nothing going on on your PC is visible to anyone else.

This is of course, not true of enterprise and school devices, which usually have very powerful antivirus solutions installed that allow the work/school to see whatever you do (though they mostly don’t care, as long as you aren’t causing trouble on the network or doing things that might get them sued)

fin , 5 hours ago

I guess it’s fine as long as you’re connecting with HTTPS. All they can see is the fact that you’re accessing notion’s server, unless they do something like deep packet inspection. Also, I’d recommend using DoH.

Colorfulhipp OP , 4 hours ago

But how to know that? Does it depend on the app (I was on the app installed on my laptop) or what? Is there a way to check now?

fin , 3 hours ago

Notion implements HTTPS connection, so you don’t need to care about that. If you really want to monitor what’s going in/out your computer, you can use something like Wireshark

Colorfulhipp OP , 3 hours ago

I wasn’t on the website though, on the app installed on my computer

fin , 3 hours ago (edited 3 hours ago)

I think what notion desktop app actually does is simply display notion.so , and accessing the website from your browser is basically the same.

Plus, I’d strongly recommend you to ask the IT guy instead, as he knows far better than me about this

Trebuchet , 4 hours ago

This might be of interest to you: theferret.scot/edinburgh-university-denies-survei…

stoy , 4 hours ago

IT guy here, I work in the finance industry and have never worked with eduroam, but I have some experience of what we normally can see.

I am not an infosec guy, so I can’t speak to what they can see.

In my experience a normal IT team will see the connections your computer makes to the remote host (in this case google), but can’t see the information transfered.

This depends on if your connection uses https (gmail does) and weather or not the network uses deep packet inspection.

Https encrypts the traffic, sort of like you putting a big pink stuffed elefant in your car boot and driving it to your new place, people won’t see the big pink elefant, but they will see your car going from A to B.

Deep packet inspection is like a security checkpoint between A and B, the officers will open you car, log that you are carrying a big pink stuffed elefant, and send you on your way.

You can use a tool like ssllabs testing service to find out the issuer of a certificate, and compare that to the issuer on the certificate you get in your browser.

Here is the link to ssllabs testing service:

www.ssllabs.com/ssltest/

However, the most important thing to remember is that we as IT guy don’t care about what you do unless you break the rules or in some other way are causing harm to the network.

We don’t do pinpoint surveilence, unless we have a reason to.

We collect data yes, but that is only really used for statistics and troubleshooting.

But we have plenty of automation that will log the shit out of a misbehaving system, there are plenty of similar systems, but the one I am familiar with is Microsoft Defender 365.

If it notices something odd or bad it will log everything related to it, files modified, the user running the program, registry values changed, connections to other computers, commands run, and more, but it will only do that when bad action is being taken, not just by connecting to gmail.

We in IT don’t have time or interest in looking at generic logs for fun.

The one thing that might be putting you on the radar is the use of a third party app, it might not be approved software if you ran it on a company laptop, but since it is a personal laptop, I wouldn’t worry about it.

TL;DR: It is doubtful that they will see what you have written, and even less likely that they have access, and even less likely that they care or even knows about it.

But if you fear people reading what you write, you have two options, one easy, the other one less so.

1. Stop writing, easy, then there is nothing to be found.
2. Local encryption, get veracrypt, create a new encrypted file, mount it, format it, and save your texts there.