Disabling Private Browsing
 

We are working in a small office and use exclusively macs with OSX.4

One of our staff is seemingly using office time to privately check emails and access porn web pages. He hides this by using the Private browsing feature in Safari.:mad:

We would like to have proof of his activities before we confront him or in some way disable the Private Browse feature.

Does anyone know how to do this?

thanks for your help in advance.:D

If you are the administrator, you can simply lock the user out of Safari so they are not able to use the browser. In addition, download a browser such as firefox that doesn't have this feature. I am not sure how to easily disable this feature while still having a functional browser.

You may even have a router that can log IP addresses that a user visits and check their use that way.

In all fairness, you should let the employee know that you have the right to monitor their use on the internet for activities not related to work and that if abuses are found there may be consequences.

I agree with the above.....
 

In these situations i feel it is better to deal with it by warning people first.

The best thing to do is to put a memo out to your employees saying that you will be monitoring internet usage. Explain that it is not acceptable for employees to use the companies internet connection for extended private use.
Picking up a few personal emails is the least of your worries!

If the problem persists then of course you will have to take further action.

If you have a good firewall you can find logs of sites visited from a particular IP address. This will give you all the proof you need by the sounds of it.
You can lock out safari if need be and move to Firefox but the above should help.

thanks
 

Thank you for the idea of switching to Firefox.

We have warned this individual on 3 previous occaisions. Checking personal emails is fine as long as it is not hours every day as we expect in this case. We just need the proof.

understood
 

Firefox and Firewall logging the way to go....
Hopefully the person in question will listen to final warnings.

He sounds like a bit of a Porn Mistier :-)

You can very easily block certain sites on a per-computer basis by listing them in /etc/hosts along with a different IP address (real or fake), but you need to know all the domains, tricky unless he's got a few popular ones.

If you run your own DNS you can do all sorts of things, but if you run your own DNS you know that already :D

This is a fun read, and an example of what's possible:
http://www.ex-parrot.com/~pete/upside-down-ternet.html

Try the peer pressure method: Log all internet use*, sort it by user and domain, then post the list in the lunchroom.

* Your router might do this, otherwise run a packet sniffer on your own machine.

Disable Private Browsing

1. Go to applications folder in Finder
2. right click (with a mighty mouse or 2 button mouse, or Control+click for one button mice) on safari and choose "Show Package Contents"
3. Go to Contents, then Resources, then English.lproj folder (or a respective folder for whatever language you have maybe)
4. Double click on MainMenu.nib to open it in interface builder
5. look at the window with the safari menu, click on Safari to expand it, then click on the Private Browsing menu item.
6. hit the delete key and it disappears!
7. hit apple+s to save, close interface builder if you want, and relaunch safari.

Thats what we were looking for!!!! thanks alot
- and for those that are interested in this story. We have now issued the 2nd written warning to the individuel concerned and he admitted part of it and said that he would work 2 hours a week "amends" for 1 month. Also a memo was circulated that we will be monitoring internet usage more closly.

It seems rather useless to disable Private Browsing since all that features does is automate what the user can easily do manually: clear Safari's History and Cookies.

Others have already mentioned the correct approach to this sort of problem - monitor and log the network accesses coming from this computer.

You can use the same method to remove the Empty Cache command and History Menu item.

You could also just remove Safari altogether and set him up with Lynx running in a terminal window. That would probably get the message across. :D

And then a sufficiently-motivated user would learn about how to remove the associated files via the command-line or via one of the many 3rd-party utilities for "cleaning up" your browsing history.

I guess you can put the users under parental control.

It seems to me that what Hayne is implying is something I think to be true (forgive me if you don't really agree with this, Hayne): You are trying to find a technical solution to a human problem. Anyone who seriously believes that parental controls by themselves keep kids from accessing the darker side of the internet is acting under a delusion. For any technical measure you take, someone can find a technical counter-measure if they are clever and motivated. The solution to a problem such as you describe has to involve persuading the person who is acting badly that they should behave better. If the employee is extremely valuable to your organization so that termination is not an option, or at least a last resort, then reasoning with them (as it seems Steiner is also doing, I'm glad to see) is going to be the best approach. I do understand the quite reasonable fear of litigation employers may feel and therefore wish to "document" the misconduct in some way, although disabling private browsing (as has been established) is a poor way to achieve that sort of documentation. But when it comes to the use of company owned equipment for non-business related, not to say potentially illegal, activities, the courts have very consistently sided with the company's right to control this, and if you've given sufficient written warning, this won't be an issue.

Frankly, a certain amount of personal use of the computer seems to me to be inevitable and even beneficial, so long as it does not impact company morale or moral values, or make the worker unproductive. When it becomes destructive, then steps do have to be taken, but those steps may also include counseling. Whether pornography is an addiction in the strict sense or not I can't say, but it can become a powerful compulsion for some people and they may need help overcoming that. If the person just cannot or will not desist and their work is seriously impacted, or the company is jeopardized by their activity, then one has to bite the bullet and dismiss the employee. One hopes, of course, that it does not come to that very often.

It is far too easy to think that there ought to be a simple technical solution to these issues, but the fact is that the computer is just an extension of the individual, and it is ultimately the individual who has to learn what is appropriate and what is not.

Joe VanZandt

ASCII porn, eh? ;)

My sense is that in this case it has already come to that, and the OP is just looking for evidence to back up the company's position.

Some routers have the capability to log internet use. What router is your company using?

policies I have seen in the past that work.
 

This is a great solution for an 8 year old. Every web site that she wants to visits, she needs to ask me for permission. I have to log into the site and add it to her bookmark. Sure when she becomes more savvy and demanding, I will have to think of other solutions such as using contentbarrier from Intego.

I partly agree with this. I think that you have to persuade the person as well as backing up persuasion with technical knowledge of the problem and a potential firing of an employee. In other words, you have to make an example out of someone. I believe that some companies employ filters so that obscene web sites are not assess. Believe it or not, the company maybe responsible for the content on their machines and can be sued or charged if it violates state or federal law. In some states, this content goes beyond the computer and into casual conversations and phone communications. Harassment and obscene content extents well beyond computers.

Taking the browsers away may not be an appropriate solution since other applications can act as browsers such as Real Player, some widgets, etc... Beside, the browser may be needed for research and to gather information. Inhibiting information from the use of the internet will cripple any companies ability to function. Even if a person is using a browser, there are many other ways to abuse a company fair use policy such as excessive IM chatting, playing games, downloading music, etc.... All of these are just as abusive.

What companies have done in the pass is to hold meetings explaining their computer policy, phone policy, harassment policy and letting employees know where the line is drawn. Companies know that they are not able to stop any employee who intentionally want to abuse the system so they state their policies and log all activities from computers and phones. If someone violates the policy, there are consequences up to an including termination. In a working environment, as soon as someone is terminated for a policy violation, everyone will comply.

Both very true, but they need both skill and motivation. If they are having a small self-control problem then a speedbump might be all that is needed (works in the parking lot). If it doesn't work and you need to fire the person you now have additional reasons - they very deliberately bypassed the restrictions in a manner not regularly done (or even known about) by the average user. Where did they learn these methods? Not at the company computer classes and not here, we regularly close such threads. Sounds better in front of a judge.

If he is getting fired, the company should probably image his home folder for a week, burn it to a DVD and give that to the company lawyer.

Wow --- I was gone for the weekend and see what happend.

I sparked a debate!!

We do not want to ban internet usage for personal reasons and we for certain do not want to terminate anyones employment for this reason. We just want to take the temptation away and make our staff more productive. Which in a round about way will benefit the employee, by being able to earn a larger bonus.

However if the person disagrees with policies of the compnay and ignors the direction of the management that is a different matter.

Now we also have a log of all IP addresses visited. But written warning was the way to go and it seems like the situation is under control.


I will update you if there is another drevelopement.

Just the IP addresses? Not enough. One IP address can have several unrelated websites. I heard of one extreme case that had >100,000 websites on one IP address. So you would have no idea if that user was visiting knitting.org or taiwantrannies.com.

HA! What a great idea...of course, he'll likely find some "erotica" sites to visit.

Ooooohhhhhhhh........... ASCII porno!

The clever way to circumvent all of this is to use your mobile phone as a modem and set up the computer to pair with the phone. Now when you need to do your personal affairs, you simply connect to the internet via your phone modem. This way, you will be the only one logging your personal use. If your boss walks by, you simply switch to Excel or something. No one would ever suspect that you are logging on via the phone and no one will ever bother to ask why isn't his computer connected to the internet most of the time. They will simply think that you don't need it.

Mate you are missing the point of this whole conversation. This is not a thread on how to prevent the use of personal use but rather the honesty and productivity aspect form the employers point of view.

Interesting to see how this is developing.

Rather than delete the Private Browsing menu item, why not make it so that it is still there but doesn't actually do anything? That way he will think he is using private browsing when in fact Safari will be logging everything. Hey presto you have evidence of what he has been doing and you can discipline him.

I apologize for having perhaps been guilty for diverting the point of Steiner's post. My point was really more general, and I confused the matter by applying the general point (which I still think is important--that we can't expect technology to provide easy solutions to problems whose roots lie in human agency) to the particulars of Steiner's description of an employee behaving irresponsibly. The practical nature of his question was not really needed to make my general point, and it was perhaps a mistake to jump on the opportunity to make this point in this post. Maybe the Coat Room would truly be a more appropriate posting site for my observations on this issue. In any case, it wasn't my intention to obscure this thread, so I apologize for having done so.

Joe VanZandt

Dang, Bob, how do you guys know this stuff??! I want to go to the school you went to! Amazing trick, and I suspect that it's good for removing any of the menu items you don't want. Thanks for this tip.

One way to learn this sort of thing is to go back and read through the huge archive of tips on the main macosxhints site. Or buy the book which assembles the best tips into a more coherent format.

There's a book created from this site? I want it! Where can I buy it? I did a search through the site, as well as Amazon, but couldn't find anything related to macosxhints.

Thanks, edalzell. Just grabbed a copy.

lost on step 5
 

:(Can you help me with step 5, I cannot figure this out. I don't even understand it. Thanks

Pull Down the Safari menu and select Private Browsing…

Hello all. I was searching for a way to disable private browsing for my kids and the Mac store employees as well as tech support said it was impossible. I'm so happy to have found this! So please pardon my ignorance gentleman, but I'm not computer savvy at all. My young children understand more than I do. With the above steps, I got as far as step 4 - I have no idea how to open MainMenu.nib in an interface builder.

I would be very grateful if someone could please explain this in a bit more detail as well as the following steps just to make sure I do it correctly without hurting anything else. Thank you so much!

Your are probably looking for the "Interface Builder" application aren't you? The application will be found in a the Developer folder either in your Applications folder or at the root level of your HD.
In the Developer folder, there is another Applications folder, the Interface Builder.app should be in there.
If you don't have anything in the Developer folder, check to see if you have the Xcode Tools installed. It may be in a folder in your Applications folder named Installers. In the Xcode Tools folder look for Packages, then double click on the "DeveloperTools.pkg"

Getting Firefox to fix this is incorrect. In fact it is better at getting rid of history than Safari with a free plug-in that the development site suggests.

Along with some of the suggestions I read above you should be able to go into the firewall logs (if you have one) or your network switch and examine the logs. Most better switches through in free admin software that lets you review who is going where and for how long in various forms. Generally tracked by MAC address and IP address.

To get around companies firewalls, use your cell phone.
 

Just to add; many people are using the cell phone/wireless broadband method to check personal email these days. So many companies are locking down the networks that you can't check email, surf youtube etc.

Unless companies start banning cell phones and PDAs (like iPhones), that is the best way to surf pr0n or check email without your boss knowing.:D

Uhm, your kids can still delete the history within a couple of mouse clicks even if you remove the PRIVATE BROWSING feature.

The best way (other than slapping your kids around) is to implement browsing policies on your router. On most Linksys routers, you can set up browsing schedules, block ip addresses of websites, etc.

I've been asked to do this so many times for parents, I'm seriously thinking about starting a side business doing just this.

I know they can still delete things but I've installed a program called spector which records snap shots of the screen for me to review, but again, they're smarter than I am - they figured out that when the CPU(?) spikes that it's taking a snapshot and they started quitting things in the activity monitor until the spikes stopped, thus stopping the snapshots. Then they can use private browsing or just delete the history. I set up an administrator account so they have to have my password to quit programs now, but I'd just like to add the extra precaution of disabling the private browsing.

I downloaded xcode tools, at least I think I did. But I'm still lost when it comes to the double clicking on mainmenu.nib to open it in interface builder.

I would very much appreciate someone taking the time to explain this to me. Thank you!

If you truly want control over your children's use of the computer, create one (1) Administrative account with a secure password and remove administrative privileges from their accounts. This way, only you have the power to use programs like Activity Monitor.

In order to edit the mainmenu.nib, you need to install the Developer's Tools from your OS X disc. this will add utilities, including Interface Builder for this project.

EmmaJ,

You might have missed this in the earlier posts in this thread, but someone else (apologies to whomever I am failing to credit right here - they posted it even before sparky above) correctly pointed out that you can accomplish the same thing as private browsing by deleting the history and emptying the cache. Both of these options are found in Safari's menu items. If your children are as savvy as you imply, they will figure this out in no time and you will be back to where you are now.

I would advise following Las_Vegas' suggestion above and creating a separate account for your kids to use - one that doesn't have administrative privileges. Also, I'm not sure how the computer arrangement works in your house, but there should be no reason why they can't do their computing and surfing in common areas of the house where you can walk by and observe what they are doing. And I would recommend specifying the amount of time they are allowed to be on the computer - don't let it be idle time (idle hands, etc, etc) - if they are not on the computer for a valid reason, then it's time to get off. Just some suggestions from one parent to another.