Admin "spying" on your chats

Description

Some disturbing things are happening at work where a supervisor mentioned that she had read a comment from me in a private rocket chat channel with a colleague. This colleague left the company so I’m guessing an admin can access archived chat content once the account is disabled. But now I’m a bit paranoid. Can an admin read my private chats while my account is still active? Basically spy on me while I’m still there?

Server Setup Information

  • Version of Rocket.Chat Server:
  • Operating System:
  • Deployment Method:
  • Number of Running Instances:
  • DB Replicaset Oplog:
  • NodeJS Version:
  • MongoDB Version:
  • Proxy:
  • Firewalls involved:

Any additional Information

With any software you place your trust in someone. With managed services you put your trust in another company not to look at your data. With self-hosted you place your trust in who ever maintains the server.

If this admin is also the administrator of the physical server its installed on… Its possible they accessed the Database directly.

My recommendation would be to use e2e in any channel you wish to have a private conversation with if you do not trust your admin. This encrypts the messages on your local computer so all messages are stored encrypted in the database. Though of course do so only if your company allows this. :slight_smile:

1 Like

Thank you so much for the reply. I was told that with Gmail, the permissions do not allow for an administrator to access content while an account is still active. Is there a way to replicate these same security measures/permissions in Rocket Chat? Thanks.

Rocket.Chat isn’t providing admin a way to view messages via the UI at all in community edition. But nothing we can do about database access. If your servers sysadmin looks at the database for some sort of personal reason… your servers sysadmin is likely abusing powers. But again… this is why you must trust the one with control over your data.

In such a case encrypting with e2e or replacing the servers sysadmin if determined to be abusing power… would be your best two options