Would this be invasion of privicy?

Hi Guys,

Im writing a web-based proxy server at the moment, and there are 2 different typesof user accounts (Standard and Admin).

My program has the potential to log every site that a user visits, and I was planning on having that information accessable by the admins. Do you think that this would be invasion of privacy?

I would think that as long as its within your own site or domain, it shouldn't be a problem but there may be some legalities involved.
Best thing to do may be to openly display such message to your users. By agreeing to such waiver, how can you get in trouble.

Something other than that may be like having spyware on a computer.

I don't see anything wrong with this, if it's for a business and your workers our connecting to the company proxy, they should be able to log all your activities.

Damn forgot something - the only problem I see is allowing certain number of people to view this information - the admin group should be small and be centered around network admin's.

The previous hospital that I worked at handled it by having all users sign a "Internet Usage Agreement". In it was the verbiage that the system would log all traffic and.... if "certain activities" were noticed individuals misusing the access/system would be dealt with. Fortunately, I was in the server group supporting the systems and thus "in the know". I was still monitored but, my buddies who were really watching the flags told me that they are not concerned with the occasional hit to a "unauthorized" (i.e. porn) site but rather those that were regularly visiting such sites. As it turned out, two different medical students that were doing their residency at the hospital and working night shift, were dropped from the program for too much extra curricular "medical" surfing at night.

You might not need a formal paper signed but I think at least some sort of usage agreement page when they get access will at least show that you are letting people know what is going on and are not trying to "spy" on anyone.

- Olórin

Thanks for the help guys. This software isn’t tailor made for any one in particular, it’s just a bit of software that I’m working on, and I plan to sell it.

Maybe i should give the option for the admin to enable site logging, or to disable it. Then, if the site admin has disabled site logging, then my web-based proxy server could display a message to the user saying 'This proxy service will not log your session' (or something of the similar). Then, if the admin does enable the logging system, a new message could be displayed at the beginning of each session that says 'This server will log your activity for security reasons...'.

I recon that would probs be the best way to deal with it anyway :-)

Thanks again, rep points for everyone!

Not a bad idea. If you are selling it, have both features and then the responsibility is on the purchaser.

- Olórin